03-18-2009 10:59 AM - edited 02-21-2020 03:21 AM
I am at my wits end trying to figure this out. We are in the process of replacing our good ol' 3030 with an ASA 5510 for vpn purposes. I have setup the ASA as follows:
E0/0 is the public interface: xxx.xxx.199.10/24
E0/1 is the private interface: 172.20.72.0/24
The remote clients get a 10.12.27.xxx address from the ASA.
The client get the address fine, but can not access anything on the 172.20.72.xxx network. What piece am I missing? Some type of NAT?
Solved! Go to Solution.
03-20-2009 02:24 PM
William, glad all has worked, don't forget to rate helpful posts.
Regards
03-18-2009 01:23 PM
check your nonat acl to make sure you permit RA vpn pool network,
access-list nside_nat0_outbound extended permit ip 172.20.72.0 255.255.255.0 10.12.27.0
nat (inside) 0 access-list inside_nat0_outbound
if you already have a nonat acl peimiting the traffic then make sure you have NAT-T enabled globally in ASA :
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1
Regards
03-19-2009 02:52 PM
William, is your problem resolved with the suggestions I have provided, let us know otherwise to assist you fruther.
Regards
03-20-2009 06:22 AM
I am in the same boat, but I am missing the big picture.
Here is my IP configs of my VPN connected client:
PPP adapter NationalAccess - BroadbandAccess:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 70.211.67.89
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 70.211.67.89
Ethernet adapter VPN#1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
I have attached the ipconfig and route print. The ASA address is: 163.105.74.249
I can ping the ASA and Yahoo, but no inside addresses (10.4.4.x)
Can you give me some ideas of what is wrong. I am using split tunneling.
03-20-2009 07:42 AM
still stuck,
I will send my config file if that is okay.
03-20-2009 08:10 AM
03-20-2009 01:03 PM
The vpn is now working. I added your suggestions. I also added a route I had oitted in the router for the 172.20.72.x network to send 10.12.27.x traffic to the asa5510 at 172.20.72.5. After that, pings and access worked. Thanks
03-20-2009 02:24 PM
William, glad all has worked, don't forget to rate helpful posts.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide